December 22, 2008

US credit cards are no longer accepted in the UK

If I were an executive of a US bank looking to corner the market in corporate credit cards, I would be telling my management that they had to adopt Chip and PIN immediately or expect to lose the business of corporate international travelers.


You cannot use a US-issued credit card in the typical UK store any more. If it's not Chip and PIN, it simply does not exist as far as they are concerned. Whatever the Visa and Mastercard exchange rules might say about accepting all current cards is irrelevant as far as the underpaid sales assistant is concerned. No chip, no PIN means no service.


And the situation is only going to get worse. Chip and PIN does have some security issues, but those reported to date are all due to the need for interoperation with legacy magnetic stripe systems. US banks can complain about their cards not being honored in Europe as per the merchant card agreement, but the European banks are unlikely to be very interested. Chip and PIN has all but eliminated card present fraud.

December 4, 2008

Impersonation is not the only risk

The paradox of security is that it is almost always possible to solve any single security problem with a simple and effective solution.


Having problems with spam? Shut down the mail server, or only accept mail from people you already know. Having problems with people posting copyright material on the Web? Allow anyone to shut down any Web site they choose instantly with a phone call.


Worried about the risk of being hoaxed with a prank call? Well hang up on the President elect when he calls you to congratulate you on your election victory.


Security is really easy when you are only concerned about one side of the problem. And that is why so many 'obvious solutions' proposed by interest groups are unworkable. The proposers only take the time to understand one side of the problem, usually their own side. Then they try to push their solution through by attempting to minimize the significance of the other side's objections, rather than trying to address them.


The fact that the President may not be able to call a Member of Congress and speak to them for fear of a hoax should be considered a national security concern. As should the risk that a hoax might be perpetrated for malicious purpose.


And it is not just members of Congress. The email lists used during the campaign are still active (Kerry's list from 2004 is also still active). They reach millions of activists. What if someone were to work out a way of engaging those lists for malicious purposes?


The email problem could be solved today: every communication from a major political campaign should be signed, whether the recipient is a member of Congress or a member of the public. That is what DKIM is designed to permit.


But signing is only one half of the problem: how is the user made aware that the communication is genuine? Here I think we should take a cue from Hollywood. Think of any movie scene in which the President of the United States appears in a video-conference. Does the President just appear on the line? No, because even though the President of the United States is going to be recognized on sight, that is not the protocol. What you invariably see in a scene of that type is first an establishing shot of the seal of the President of the United States. Then the President appears.


That is what we should have for Internet communications, and it is something that we could do very quickly for email and extend to other modes of communication in a short period of time.
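To make both halves concrete, the following is a minimal DKIM-style signer and verifier added here as an example; it is not the post's code and not any DKIM library's API. It assumes the campaign signs with an Ed25519 key (a=ed25519-sha256, RFC 8463) under a hypothetical domain example.org and selector "campaign", uses relaxed header and simple body canonicalization, and leaves out DNS key publication; the point of Verify is that the fact it establishes is the d= domain, which is what a mail client would have to show the user (the "seal") or compare with the From domain.

```go
package main

import ("crypto/ed25519"; "crypto/sha256"; "encoding/base64"; "errors"; "strings")

// Header is one RFC 5322 header field; slice order is the h= signing order.
type Header struct{ Name, Value string }

// canonHeader: DKIM "relaxed" header canonicalization (RFC 6376 3.4.2), so a relay that refolds a header is harmless.
func canonHeader(h Header) string {
	return strings.ToLower(h.Name) + ":" + strings.Join(strings.Fields(h.Value), " ") + "\r\n"
}

// bodyHash is the bh= tag: SHA-256 of the body with exactly one trailing CRLF.
func bodyHash(body string) string {
	sum := sha256.Sum256([]byte(strings.TrimRight(body, "\r\n") + "\r\n"))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// signingHash: the h= headers in order, then the DKIM-Signature header itself
// with an empty b= value and no final CRLF (RFC 6376 3.7).
func signingHash(hdrs []Header, dkim string) []byte {
	var sb strings.Builder
	for _, h := range hdrs { sb.WriteString(canonHeader(h)) }
	sb.WriteString(strings.TrimSuffix(canonHeader(Header{"DKIM-Signature", dkim}), "\r\n"))
	sum := sha256.Sum256([]byte(sb.String()))
	return sum[:]
}

// Sign returns the DKIM-Signature header value (a=ed25519-sha256, RFC 8463).
func Sign(key ed25519.PrivateKey, domain string, hdrs []Header, body string) string {
	names := make([]string, len(hdrs))
	for i, h := range hdrs { names[i] = h.Name }
	val := "v=1; a=ed25519-sha256; c=relaxed/simple; d=" + domain + "; s=campaign; h=" +
		strings.Join(names, ":") + "; bh=" + bodyHash(body) + "; b="
	return val + base64.StdEncoding.EncodeToString(ed25519.Sign(key, signingHash(hdrs, val)))
}

// Verify checks bh= and b= and returns the signing domain d=: the one fact a
// mail client can show the user or compare against the From domain.
func Verify(pub ed25519.PublicKey, hdrs []Header, body, dkim string) (string, error) {
	tags := map[string]string{}
	for _, t := range strings.Split(dkim, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(t), "="); ok { tags[k] = v }
	}
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	if err != nil || tags["bh"] != bodyHash(body) { return "", errors.New("bad b= or bh= tag") }
	h := signingHash(hdrs, strings.TrimSuffix(dkim, tags["b"])) // b= is the last tag
	if !ed25519.Verify(pub, h, sig) { return "", errors.New("signature does not verify") }
	return tags["d"], nil
}
```

A respaced or refolded Subject still verifies because of the relaxed canonicalization, while any change to the body or a signed header, or a signature from another key, is rejected.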